File CVE-2023-5752-r-param-hg.patch of Package python-pip

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2023-5752-r-param-hg.patch of Package python-pip

From 389cb799d0da9a840749fcd14878928467ed49b4 Mon Sep 17 00:00:00 2001
From: Pradyun Gedam <pradyunsg@users.noreply.github.com>
Date: Sun, 1 Oct 2023 14:10:25 +0100
Subject: [PATCH 1/2] Use `-r=...` instead of `-r ...` for hg

This ensures that the resulting revision can not be misinterpreted as an
option.
---
 news/12306.bugfix.rst              |    1 +
 src/pip/_internal/vcs/mercurial.py |    2 +-
 tests/unit/test_vcs.py             |    2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

--- /dev/null
+++ b/news/12306.bugfix.rst
@@ -0,0 +1 @@
+Use ``-r=...`` instead of ``-r ...`` to specify references with Mercurial.
--- a/src/pip/_internal/vcs/mercurial.py
+++ b/src/pip/_internal/vcs/mercurial.py
@@ -38,7 +38,7 @@ class Mercurial(VersionControl):
 
     @staticmethod
     def get_base_rev_args(rev):
-        return [rev]
+        return ["-r={}".format(rev)]
 
     def export(self, location, url):
         # type: (str, HiddenText) -> None
--- a/tests/unit/test_vcs.py
+++ b/tests/unit/test_vcs.py
@@ -57,7 +57,7 @@ def test_rev_options_repr():
     # First check VCS-specific RevOptions behavior.
     (Bazaar, [], ['-r', '123'], {}),
     (Git, ['HEAD'], ['123'], {}),
-    (Mercurial, [], ['123'], {}),
+    (Mercurial, [], ['-r=123'], {}),
     (Subversion, [], ['-r', '123'], {}),
     # Test extra_args.  For this, test using a single VersionControl class.
     (Git, ['HEAD', 'opt1', 'opt2'], ['123', 'opt1', 'opt2'],

Places

File CVE-2023-5752-r-param-hg.patch of Package python-pip

Places